PIX 506 Maximun Performance & users

elepazote · ‎12-17-2001

I would like to know if anyone knows or had previos experience using Pix 506 Firewall with nat and pat of how many user it will stand?

Talking with Cisco they told me It can stand 30,000 simultaneos connections. If every user uses a maximum average of: 200 connections? 100 connections ?

Then it could stand for: 30000/200 =150 user?

or 30000/100 = 300 users?

Thanks

j-block · ‎12-26-2001

NAT and PAT are not difficult tasks for the PIX. Go with Cisco’s numbers. Add VPN and you can get a performance hit on the 506. In that case, you should getter a 515 instead.

rrushing · ‎01-17-2002

Along a similar line of questioning--

I have a PIX 520, running v 5.1 code. I have aprox 10k workstations on users networks behind the unit. It uses aprox 15-18m of INternet acess bandwidth. I am currently using PAT translations, along with static tunnels.

How many live IP addresses should I expect to need if I get away from using PAT and beging to use NAT instead ? Is ther a formula/calculation-- or just black magic and experience ?

Thanks--

turnbull · ‎01-19-2002

one address for each static, which will work for both directions and a range for the rest of the hosts.

29bit address range = 6 addresses

eg.

10 hosts inside

one mail server, one web server, = 2 statics

8 hosts left could share a global range of remaining 4 addresses. This would leave half unable to connect at a time obviously.

28bit range = 14 addresses = plenty for everybody

elepazote · ‎01-21-2002

About my first question would like to know if you have any comments. Thanks

hewryf · ‎02-05-2002

I couldn't imagine each user using 100 sessions. It depeneds on what your users are doing but I would say the average user may use 25 sessions max. Web browsing users will probably average 10-20 sessions.